ansible指路篇-安装及基本命令使用

                                            作者:尹正杰

版权声明:原创作品,谢绝转载!否则将追究法律责任。

一.什么是ansible

  ansible是新出现的自动化运维工具,基于Python开发,集合了众多运维工具(puppet、cfengine、chef、func、fabric)的优点,实现了批量系统配置、批量程序部署、批量运行命令等功能。
 ansible是基于模块工作的,本身没有批量部署的能力。真正具有批量部署的是ansible所运行的模块,ansible只是提供一种框架。主要包括:

   >.连接插件connection plugins:负责和被监控端实现通信;

   >.host inventory:指定操作的主机,是一个配置文件里面定义监控的主机;

   >.各种模块核心模块、command模块、自定义模块;

   >.借助于插件完成记录日志邮件等功能;

   >.playbook:剧本执行多个任务时,非必需可以让节点一次性运行多个任务。
 
二.准备环境
  我们本次试验需要4台主机,1台web服务器,2台数据库服务器,1台发送指令的服务器。并且需要配置好域名。其对应关系如下:
主机名称 对应IP 部署服务
node1.yinzhengjie.com 192.168.105/24 http
node2.yinzhengjie.com 192.168.1.110/24 nginx,mysql
node3.yinzhengjie.com 192.168.1.115/24 mysql
node4.yinzhengjie.com 192.168.1.200/24 ansible 
 [root@yinzhengjie ~]# ifconfig |grep addr | head -|tail - |cut -d ":" -f  | awk '{print $1}'

 192.168.1.200

 [root@yinzhengjie ~]# more /etc/hosts | grep yinzhengjie

 192.168.1.105   node1.yinzhengjie.com

 192.168.1.110   node2.yinzhengjie.com

 192.168.1.115   node3.yinzhengjie.com

 192.168.1.200   node4.yinzhengjie.com

 [root@yinzhengjie ~]#
三.安装ansible
1.下载安装包(RPM包搜索站点:https://pkgs.org/
 [root@yinzhengjie ~]# wget http://dl.fedoraproject.org/pub/epel/6/x86_64//ansible-2.3.2.0-1.el6.noarch.rpm

 [root@yinzhengjie ~]# rpm -qpi ansible-2.3.2.0-.el6.noarch.rpm
2.yum安装即可(它可以自动解决依赖关系)
  [root@yinzhengjie ~]# yum -y install ansible-2.3.2.0-.el6.noarch.rpm 
3.查看安装完毕后生产了哪些文件
 [root@yinzhengjie ~]#  rpm -qal ansible |wc -l

                         ------------->由于文件行数过多,此处我就不列出了

 [root@yinzhengjie ~]#
4.修改配置文件
 [root@yinzhengjie ~]# cd /etc/ansible/

 [root@yinzhengjie ansible]# more hosts |tail -

 #Add by yinzhengjie

 [webservers]

 node1.yinzhengjie.com

 node2.yinzhengjie.com

 [dbservers]

 node2.yinzhengjie.com

 node3.yinzhengjie.com

 [root@yinzhengjie ansible]#
 
5.配置无秘钥登录证书
a>..生成证书
 [root@yinzhengjie ~]# cd

 [root@yinzhengjie ~]# ssh-keygen -t rsa -P ''

 Generating public/private rsa key pair.

 Enter file in which to save the key (/root/.ssh/id_rsa):

 /root/.ssh/id_rsa already exists.

 Overwrite (y/n)? y

 Your identification has been saved in /root/.ssh/id_rsa.

 Your public key has been saved in /root/.ssh/id_rsa.pub.

 The key fingerprint is:

 ::9e:::6b::::7a:7e::c8::af: root@yinzhengjie

 The key's randomart image is:

 +--[ RSA ]----+

 |      .o+oo.=+  .|

 |       +o. +. oo.|

 |      ..o....E.o.|

 |       oo. .o.o  |

 |      . S. . o   |

 |          .      |

 |                 |

 |                 |

 |                 |

 +-----------------+

 [root@yinzhengjie ~]#
b>.将公钥拷贝到其他的服务器上去
 [root@yinzhengjie ~]# ssh-copy-id -i .ssh/id_rsa.pub root@node1.yinzhengjie.com

 The authenticity of host 'node1.yinzhengjie.com (192.168.1.105)' can't be established.

 RSA key fingerprint is ::2b:::::::c1:be:e3:ba:::.

 Are you sure you want to continue connecting (yes/no)? yes

 Warning: Permanently added 'node1.yinzhengjie.com' (RSA) to the list of known hosts.

 root@node1.yinzhengjie.com's password:

 Now try logging into the machine, with "ssh 'root@node1.yinzhengjie.com'", and check in:

   .ssh/authorized_keys

 to make sure we haven't added extra keys that you weren't expecting.

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]# ssh-copy-id -i .ssh/id_rsa.pub root@node2.yinzhengjie.com

 The authenticity of host 'node2.yinzhengjie.com (192.168.1.110)' can't be established.

 RSA key fingerprint is ::0a:6e::e9:::e5:c8:3f:b3:1d:::8e.

 Are you sure you want to continue connecting (yes/no)? yes

 Warning: Permanently added 'node2.yinzhengjie.com,192.168.1.110' (RSA) to the list of known hosts.

 root@node2.yinzhengjie.com's password:

 Now try logging into the machine, with "ssh 'root@node2.yinzhengjie.com'", and check in:

   .ssh/authorized_keys

 to make sure we haven't added extra keys that you weren't expecting.

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]# ssh-copy-id -i .ssh/id_rsa.pub root@node3.yinzhengjie.com

 The authenticity of host 'node3.yinzhengjie.com (192.168.1.115)' can't be established.

 RSA key fingerprint is :a4:bf:f7:b7::e7:e6:ce::bb:8f:e7:d8:e5:.

 Are you sure you want to continue connecting (yes/no)? yes

 Warning: Permanently added 'node3.yinzhengjie.com,192.168.1.115' (RSA) to the list of known hosts.

 root@node3.yinzhengjie.com's password:

 Now try logging into the machine, with "ssh 'root@node3.yinzhengjie.com'", and check in:

   .ssh/authorized_keys

 to make sure we haven't added extra keys that you weren't expecting.

 [root@yinzhengjie ~]#
 
c>.验证是否配置成功
 [root@yinzhengjie ~]# ssh node1.yinzhengjie.com

 Last login: Fri Oct  ::  from 192.168.1.161

 [root@yinzhengjie ~]# ifconfig |grep addr | head -|tail - |cut -d ":" -f  | awk '{print $1}'

 192.168.1.105

 [root@yinzhengjie ~]# logout

 Connection to node1.yinzhengjie.com closed.

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]# ifconfig |grep addr | head -|tail - |cut -d ":" -f  | awk '{print $1}'

 192.168.1.200

 [root@yinzhengjie ~]#
四.ansible简单应用
1.检查所有定义的主机是否在线
 [root@yinzhengjie ~]# ansible all -m ping

 node3.yinzhengjie.com | SUCCESS => {

     "changed": false,

     "ping": "pong"

 }

 node2.yinzhengjie.com | SUCCESS => {

     "changed": false,

     "ping": "pong"

 }

 node1.yinzhengjie.com | SUCCESS => {

     "changed": false,

     "ping": "pong"

 }

 [root@yinzhengjie ~]#
2.查看所有定义的主机的时间
 [root@yinzhengjie ~]# ansible all -m command -a 'date'

 node3.yinzhengjie.com | SUCCESS | rc= >>

 Fri Oct  :: PDT

 node2.yinzhengjie.com | SUCCESS | rc= >>

 Fri Oct  :: PDT

 node1.yinzhengjie.com | SUCCESS | rc= >>

 Fri Oct  :: PDT

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]# ansible all -a 'date'

 node3.yinzhengjie.com | SUCCESS | rc= >>

 Fri Oct  :: PDT

 node1.yinzhengjie.com | SUCCESS | rc= >>

 Fri Oct  :: PDT

 node2.yinzhengjie.com | SUCCESS | rc= >>

 Fri Oct  :: PDT

 [root@yinzhengjie ~]#
3.检查所有定义的主机的http服务是否正常
 [root@yinzhengjie ~]# ansible all -m command -a 'service httpd status'

  [WARNING]: Consider using service module rather than running service

 node1.yinzhengjie.com | SUCCESS | rc= >>

 httpd (pid  ) is running...

 node3.yinzhengjie.com | FAILED | rc= >>

 httpd is stopped

 node2.yinzhengjie.com | FAILED | rc= >>

 httpd is stopped

 [root@yinzhengjie ~]#
4.拷贝本地文件到定义的服务器群组
 [root@yinzhengjie ~]# ansible dbservers -m copy -a "src=/root/ansible-2.3.2.0-1.el6.noarch.rpm dest=/tmp/"

 node3.yinzhengjie.com | SUCCESS => {

     "changed": true,

     "checksum": "fb5559c1d886fdc5f4f553a44372cc0230189362",

     "dest": "/tmp/ansible-2.3.2.0-1.el6.noarch.rpm",

     "gid": ,

     "group": "root",

     "md5sum": "8388f98019479244b5098e5e23941da7",

     "mode": "",

     "owner": "root",

     "secontext": "unconfined_u:object_r:admin_home_t:s0",

     "size": ,

     "src": "/root/.ansible/tmp/ansible-tmp-1507900705.1-53916243211948/source",

     "state": "file",

     "uid":

 }

 node2.yinzhengjie.com | SUCCESS => {

     "changed": true,

     "checksum": "fb5559c1d886fdc5f4f553a44372cc0230189362",

     "dest": "/tmp/ansible-2.3.2.0-1.el6.noarch.rpm",

     "gid": ,

     "group": "root",

     "md5sum": "8388f98019479244b5098e5e23941da7",

     "mode": "",

     "owner": "root",

     "secontext": "unconfined_u:object_r:admin_home_t:s0",

     "size": ,

     "src": "/root/.ansible/tmp/ansible-tmp-1507900705.18-246525313248421/source",

     "state": "file",

     "uid":

 }

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]# ansible dbservers -a "ls /tmp"

 node3.yinzhengjie.com | SUCCESS | rc= >>

 ansible-2.3.2.0-.el6.noarch.rpm

 ansible_46ihbB

 keyring-Dp3ZRf

 ks-script-VsmDKH

 ks-script-VsmDKH.log

 orbit-gdm

 orbit-root

 pulse-qotd3GsczqPx

 pulse-sxkC9wDU7bP6

 vgauthsvclog.txt.

 virtual-root.mMq8ds

 vmware-config0

 VMwareDnD

 vmware-root

 yum.log

 node2.yinzhengjie.com | SUCCESS | rc= >>

 ansible-2.3.2.0-.el6.noarch.rpm

 ansible_KZ8J1M

 keyring-pUri5c

 orbit-gdm

 orbit-root

 pulse-UgBUKbuMXzGR

 [root@yinzhengjie ~]#
5.定义周期计划任务的模块
 [root@yinzhengjie ~]# ansible all -m cron -a 'name="yinzhengjie is good boy" minute=*/3 hour=* day=* month=* weekday=* job="/usr/sbin/ntpdate 1.cn.pool.ntp.org"'

 node3.yinzhengjie.com | SUCCESS => {

     "changed": true,

     "envs": [],

     "jobs": [

         "yinzhengjie is good boy"

     ]

 }

 node2.yinzhengjie.com | SUCCESS => {

     "changed": true,

     "envs": [],

     "jobs": [

         "yinzhengjie is good boy"

     ]

 }

 node1.yinzhengjie.com | SUCCESS => {

     "changed": true,

     "envs": [],

     "jobs": [

         "yinzhengjie is good boy"

     ]

 }

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]# ansible all -a "crontab -l"

 node2.yinzhengjie.com | SUCCESS | rc= >>

 #Ansible: yinzhengjie is good boy

 */ * * * * /usr/sbin/ntpdate .cn.pool.ntp.org

 node3.yinzhengjie.com | SUCCESS | rc= >>

 #Ansible: yinzhengjie is good boy

 */ * * * * /usr/sbin/ntpdate .cn.pool.ntp.org

 node1.yinzhengjie.com | SUCCESS | rc= >>

 #Ansible: yinzhengjie is good boy

 */ * * * * /usr/sbin/ntpdate .cn.pool.ntp.org

 [root@yinzhengjie ~]#
 
6.给所有定义的主机创建组
 [root@yinzhengjie ~]# ansible all -m group -a "gid=306 system=yes name=yinzhengjie520"

 node1.yinzhengjie.com | SUCCESS => {

     "changed": true,

     "gid": ,

     "name": "yinzhengjie520",

     "state": "present",

     "system": true

 }

 node2.yinzhengjie.com | SUCCESS => {

     "changed": true,

     "gid": ,

     "name": "yinzhengjie520",

     "state": "present",

     "system": true

 }

 node3.yinzhengjie.com | SUCCESS => {

     "changed": true,

     "gid": ,

     "name": "yinzhengjie520",

     "state": "present",

     "system": true

 }

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]# ansible all -a "tail -1 /etc/group"

 node3.yinzhengjie.com | SUCCESS | rc= >>

 yinzhengjie520:x::

 node1.yinzhengjie.com | SUCCESS | rc= >>

 yinzhengjie520:x::

 node2.yinzhengjie.com | SUCCESS | rc= >>

 yinzhengjie520:x::

 [root@yinzhengjie ~]#
 
五.ansible模块
  关于ping,date等一些命令其实都是ansible所对应的模块,因此,我们熟悉它的常用模块(ansible支持上千多个模块)还是很有必要的。用下面的命令就可以查看其支持的模块的使用方式。
1.查看ansible支持的模块个数
[root@yinzhengjie ~]# ansible-doc -l | wc -l
1039
[root@yinzhengjie ~]#
2.查看ansible对某个模块的帮助
[root@yinzhengjie ~]# ansible-doc -s copy
3.指点迷津
  想要学好ansible这个开源工具,需要熟练掌握YAML,palybook,corosync集群,crmch和pcs的使用方式。生产环境中我用不到这些。我用ansible就是因为生产环境中有50台服务器需要安装zabbix_agent服务器。听朋友介绍这个软件好使,就来研究一下。我的思路就是用ansible命令来管理所有主机,当然我会把shell安装脚本分发到各个服务器上去。帮我执行任务即可。
 
 
 

ansible指路篇-安装及基本命令使用的更多相关文章

  1. Ansible第一篇:介绍及安装

    Ansible介绍 Ansible是个什么东西呢?官方的title是"Ansible is Simple IT Automation"--简单的自动化IT工具.ansible基于P ...

  2. python Django教程 之 安装、基本命令、视图与网站

    python  Django教程  之 安装.基本命令.视图与网站 一.简介 Django 中提供了开发网站经常用到的模块,常见的代码都为你写好了,通过减少重复的代码,Django 使你能够专注于 w ...

  3. 自动化运维工具之 Ansible 介绍及安装使用

    一.初识Ansible 介绍: Absible 使用 模块(Modules)来定义配置任务.模块可以用标准脚本语言(Python,Bash,Ruby,等等)编写,这是一个很好的做法,使每个模块幂等.A ...

  4. 【OpenCV入门指南】第一篇 安装OpenCV

    http://blog.csdn.net/morewindows/article/details/8225783/ win10下vs2015配置Opencv3.1.0过程详解(转) http://ww ...

  5. ansible自动化工具安装和简单使用

    ansible自动化工具安装和简单使用 1.安装 ansible依赖于Python 2.6或更高的版本.paramiko.PyYAML及Jinja2. 2.1 编译安装 解决依赖关系 # yum -y ...

  6. ansible示例,离线安装etcd

    一.基础介绍 ========================================================================================== 1. ...

  7. Ansible介绍及安装部署

    本节内容: 运维工具 Ansible特性 Ansible架构图和核心组件 安装Ansible 演示使用示例 一.运维工具 作为一个Linux运维人员,需要了解大量的运维工具,并熟知这些工具的差异,能够 ...

  8. ansible介绍和安装

    ansible是由 Python 编写的强大的配置管理解决方案,ansible 的特点就在于它的简洁与高效率 ansible与其他的配置管理工具不同点在于:不需要你在想要配置的每个节点上安装自己的组件 ...

  9. ansible入门一(Ansible介绍及安装部署)

    本节内容: 运维工具 Ansible特性 Ansible架构图和核心组件 安装Ansible 演示使用示例 一.运维工具 作为一个Linux运维人员,需要了解大量的运维工具,并熟知这些工具的差异,能够 ...

随机推荐

  1. [what is machine learning?]

    1.2 [what is machine learning?] 1.人:observation -->  learing  -->  skill 机器:data --> ML --& ...

  2. Python 中的字符串(str)、字典(dict)详解及操作方法

    一.字符串 在python中字符串是一种重要数据类型.其他数据类型分别为: 数字-number -------- int.long.float.complex这几种 字符串-string ------ ...

  3. Jquery :animate反复执行的动画可以利用函数的回调

    <html><head><script type="text/javascript" src="/jquery/jquery.js" ...

  4. React 模板

    <!DOCTYPE html><html><head lang="en"> <meta charset="UTF-8" ...

  5. Jest & React & Enzyme

    Jest & React & Enzyme auto units testing https://reactjs.org/docs/test-utils.html https://gi ...

  6. Test Scenarios for a window

    1 check if default window size is correct2 check if child window size is correct3 check if there is ...

  7. Struts2 Intercepter 笔记

    以前一直对Struts2的自定义拦截器(intercepter)不是很清楚,今天仔细研究了下,终于搞懂了,现在记录对拦截器的总结如下: 1:自定义拦截器的作用一般就是用来实现系统权限控制比较多: 2: ...

  8. maven dependcymanage作用在父类里面定义依赖包 子类不会自动继承需要主动使用 这样解决了父类引用任意包 子类就会引用的问题

    maven dependcymanage作用在父类里面定义依赖包 子类不会自动继承需要主动使用 这样解决了父类引用任意包 子类就会引用的问题  子类在引用时候 不需要加上版本号

  9. Nginx HTTP 过滤addition模块(响应前后追加数据)

    --with-http_addition_module 需要编译进Nginx 其功能主要在响应前或响应后追加内容 add_before_body 指令 将处理给定子请求后返回的文本添加到响应正文之前 ...

  10. 关于js特效轮播图练习

    [出现问题] js轮播图,图片未正常轮播. [解决方法] 通过对代码的检查,发现是以下三个原因造成的错误. 1.js代码问题 js代码使用alert(test);,测试修改完毕后,发现依然没有解决错误 ...